Portfolio Brief 


Nortel Networks

Contivity VPN Switches 

for enterprises and service providers 


Savvy enterprises have been quick to see the potential 
in IP (Internet protocol) virtual private network (VPN) 
services—which use secure IP technology to extend 
private networking anywhere within the reach of 
the Internet. 

Nortel Networks has the comprehensive technology 
to create highly scalable, secure, and robust IP VPNs 
to connect your multi-location enterprise and supply 
chain—or for service providers to offer IP VPNs as a 
managed service. 

The complete product family includes models scaled 
to suit large corporations, mid-sized companies, 
branch locations, external supply chain associates, 
and small offices. 


The Contivity* VPN Switch is an 
ideal solution for enterprises or service 
providers building IP VPNs—for 
intranets, extranets, and remote access. 

A single hardware device provides 
routing, firewall, bandwidth management,
encryption, authentication, and
data integrity for secure tunneling 
across IP networks and the Internet. 

Consider how easy it is to securely 
network the multi-location enterprise— 
whether you are providing the service to 
your own organization or as a managed 
service provided to enterprise customers. 

A model to match every
enterprise requirement 

The industry-leading Contivity 
family includes models for every 
application—from home offices 
to large corporate headquarters: 

• The Contivity 4600 is the premium 
offering in the Contivity family, 
providing secure, efficient VPN 
connectivity for up to 5000 tunnels. 

• The Contivity 2600 provides full- 
featured performance and security 
for locations that require up to 1000 
tunnels. 

• The Contivity 1600 offers unusually 
flexible solutions for office centers, 
campuses, or branch offices needing 
up to 200 tunnels. 

• The Contivity 600 gives small 
branch offices/small enterprises the 
flexibility of up to 30 simultaneous 
VPN tunnels in both remote access 
and branch office settings. 

• The cost-effective Contivity 400 is 
targeted for branch offices requiring 
up to 30 branch tunnels. 

• The economical Contivity 100
provides basic† branch connectivity
for small offices requiring a limited 
number of branch tunnels. 


This robust and easily managed 
technology made Nortel Networks 
the global leader to service providers in 
the VPN gateway market, according to 
a 3Q2001 market analysis report from 
Synergy Research Group. 

Remote access, intranet, 
and extranet solutions 

Enterprises can deploy Contivity 
VPN Switches on their own, or 
outsource deployment to one of many 
service providers that offer Contivity 
Managed Service. 

Either way, Contivity VPN Switches 
offer multi-location enterprises some 
compelling service choices: extranet 
VPNs, intranet VPNs, and remote 
access VPNs. 

Enterprises enjoy secure connectivity 
with business partners far beyond the 
reach of their private network, using 
extranet VPNs. 

Imagine the level of efficiency and 
customer service they can achieve by 
linking the entire supply chain— 
manufacturing, distribution, resellers, 
retailers, and consumers—without the 
expense of dedicated, leased lines. 


Why not use the Internet or public 
data networks to connect business 
sites, such as branch offices? With 
intranet VPN service, authorized 
users gain the performance of a 
private network without the capital 
and operating costs or the limitations 
of private networks or leased lines. 

Why pay an average of $1500 per 
user per year for modem banks to give 
remote access to dial-in users? With
remote access VPN service, enterprises 
can slash $1000 off that per-user price 
tag while giving users a broader range 
of the latest access technologies, such 
as cable modems and digital subscriber 
line (DSL). 

Contivity VPN Switches are also key 
in the Nortel Networks Virtualized 
Networking solution—which combines 
IP VPNs with powerful service 
intelligence. The result is an agile, 
dynamic, subscriber-aware network 
that puts users in control of the 
networking experience. Contivity VPN 
Switches are the secure, full-featured 
on-ramp to the Virtualized Network.


† Not all high-end functions described in this document apply to the branch models. See the
comparison chart beginning on the next page for a summary of features/functions by model.


Technical specifications—features and capabilities


Contivity VPN Switches - models 600, 1600, 2600, and 4600

Tunneling protocols

• Point-to-point tunneling protocol (PPTP), including compression and encryption; L2F, L2TP

• IPsec, including authentication header (AH), encapsulating security protocol (ESP), and Internet key
exchange (IKE)

Routing protocols

• RIP v1, RIP v2, OSPF, VRRP

Authentication services

• Internal or external lightweight directory access protocol (LDAP)

• Remote authentication dial-in user services (RADIUS)

• Token card integration: Security Dynamics and AXENT,** e.g. SecurID

• Digital certificate authentication with Entrust** and VeriSign;** Smart Card integration—Entrust compatible

Encryption

• Federal Information Processing Standard 140-1 Level 2 certified

• IPsec-certified by the International Computer Security Association (ICSA)

• DES, 3DES, RC4

• 3DES uses 3 independent 56-bit keys; 168-bit key length (effective encryption strength of 128 bits)

Firewall services

• Contivity Stateful Firewall, including stateful packet inspection, audit, network address translation (NAT)

• Filtering on individual user or group profile; source and destination interface (tunnel, physical or any);
source and destination address; IP port, service, and protocol type

• Logging, traps, and audit trails

• Anti-spoofing

• Denial of Service protection against hacker attacks (e.g., Syn Flood, Ping of Death, ICMP unreachable,
Smurf)

Bandwidth management

• Group-level configurable minimum bandwidth settings, priority levels using random early detection (RED);
four admission control levels; four forwarding priority levels; eight DiffServ (Differentiated Services) queues;
code point marking; quality of service (QoS): resource reservation protocol (RSVP)

Accounting 

• Internal and external RADIUS accounting 

• Event, system, security, and configuration accounting 

• Automatic archiving to external system 

Management 

• Full HTML and Java** configuration; SNMP alerts; bulk load configuration; NNCLI; four levels of 
administrator access; role-based management to separate service provider and end-user management 

• Batch configuration and management of multiple Contivity switches 

• Nortel Networks IP VPN Service Management Solution 

Reliability 

• Powerful, market-leading Intel processor architecture 

• Multi-level authentication servers 

• Automatic backup of all system data 

• Redundant components on Contivity 4600 

Client software 

• Free client for Windows** 95, 98, 2000, XP, Millennium, or Windows NT** 4.0 or later

• Licensable client for Macintosh OS, Solaris, Linux, HP-UX, and IBM-AIX

• IPsec, including AH, ESP, IKE, third-party main and aggressive mode clients

• Auto-configuration with “one-click” connection

• Support for Windows embedded tunnel protocols, including Windows 2000 L2TP/IPsec; mix and match
with existing Nortel Networks clients or other tunnel protocols such as PPTP and L2TP


Contivity VPN Switches - models 100 and 400

Tunneling protocols

• IPsec—including Internet Key Exchange (IKE) with shared secret

Routing protocols

• RIP v1, RIP v2

Authentication services

• Password Authentication Protocol (PAP); Challenge Handshake Protocol (CHAP); password protection
on all management and update processes including: Telnet, GUI, Web access, and IPsec management
tunnel, MD5 and SHA authentication options

Encryption

• DES, 3DES

Security

• Stateful firewall (requires NAT)

WAN support

• Frame relay; point-to-point protocol (PPP)

Remote management

• Includes all local options (GUI/WEB/CLI) on local and public interfaces, as well as policy-limited
management through IPsec management tunnels. Firmware upgrades are controlled through a fail-safe
GUI-driven process which is implemented either locally or remotely.


Technical specifications—corporate/enterprise models


Contivity 1600

Up to 200 tunnels

Components

• Memory:
  Standard —128MB
  Maximum —256MB

• 400 MHz processor

• One PCI expansion slot

• Interfaces:
  Standard
  - 2 10/100 Ethernet LAN ports
  Optional
  - Additional 10/100 Ethernet
  - V.35/X.21
  - T1 with integrated CSU/DSU

• Software:
  Standard
  - VPN O/S software for the Contivity 1600
  - Contivity VPN Client software for MS-Windows with unlimited distribution license
  Optional
  - Contivity Stateful Firewall license
  - Contivity Advanced Routing license
  - Contivity Multi-OS client software for MAC and UNIX platforms

• CD and on-line HTML documentation

Physical

• Length: 21 in. (53.3 cm)
• Width: 17.25 in. (43.8 cm)
• Height: 3.5 in. (8.9 cm)
• Weight: 10.0 lb (4.5 kg)
• Electrical: 110-120/220-240 VAC, 2/1.25 A, 50-60 Hz

Operating environment

• Temperature: 50°-95°F (10°-35°C)
• Relative humidity: 10-90% noncondensing
• 206 BTU/hour @ 240 VAC


Contivity 2600

Up to 1000 tunnels

Components

• Memory:
  Standard —128MB
  Maximum —256MB

• 733 MHz processor

• Three PCI expansion slots

• Interfaces:
  Standard
  - 2 10/100 Ethernet LAN ports
  Optional
  - Additional 10/100 Ethernet
  - Single port V.35/X.21
  - Dual port V.35
  - T1 with integrated CSU/DSU
  - High-speed serial interface (HSSI)
  - Encryption accelerator card

• Software:
  Standard
  - VPN O/S software for Contivity 2600
  - Contivity VPN Client software for MS-Windows with unlimited distribution license
  Optional
  - Contivity Stateful Firewall license
  - Contivity Advanced Routing license
  - Contivity Multi-OS client software for MAC and UNIX platforms

• CD and on-line HTML documentation

Physical

• Length: 21 in. (53.3 cm)
• Width: 17.25 in. (43.8 cm)
• Height: 5.25 in. (13.3 cm)
• Weight: 25.0 lb (11.3 kg)
• Electrical: 110-240 VAC, 2.0 A, 50-60 Hz

Operating environment

• Temperature: 32°-104°F (0°-40°C)
• Relative humidity: 10-90% noncondensing
• 297 BTU/hour @ 240 VAC


Contivity 4600

Up to 5000 tunnels

Components

• Memory:
  Standard —256MB
  Maximum —1 Gigabit

• Dual 800 MHz processors

• Five PCI expansion slots

• Interfaces:
  Standard
  - 2 10/100 Ethernet LAN ports
  Optional
  - Additional 10/100 Ethernet
  - Single port V.35/X.21, Dual-port V.35
  - T1 with integrated CSU/DSU
  - High-speed serial interface (HSSI)
  - Encryption accelerator card

• Dual, redundant, auto-switching power supply system with dual line cords

• Dual, redundant storage system

• Software:
  Standard
  - VPN O/S software for Contivity 4600
  - Contivity VPN Client software for MS-Windows with unlimited distribution license
  Optional
  - Contivity Stateful Firewall license
  - Contivity Advanced Routing license
  - Contivity Multi-OS client software for MAC and UNIX platforms

• CD and on-line HTML documentation

Physical

• Length: 17.0 in. (43.2 cm)
• Width: 17.0 in. (43.2 cm)
• Height: 14.0 in. (35.6 cm)
• Weight: 60.0 lb (27.2 kg)
• Electrical: 100-240 VAC, 3.0 A, 50-60 Hz

Operating environment

• Temperature: 32°-104°F (0°-40°C)
• Relative humidity: 10-90% noncondensing
• 933 BTU/hour @ 240 VAC


What makes Contivity 
VPN Switches exceptional? 

Ease of deployment and 
management 

One box provides a full range of 
features for building high-performance, 
scalable, secure IP VPNs. 

Contivity VPN Switches are easy to 
deploy at enterprise sites, support a wide 
range of interfaces, and interoperate with 
existing network components such as 
routers, firewalls, and servers. 


A powerful, integrated management 
system provides robust VPN service 
management for: 

• Fault management (alarm monitor, 
historical fault browser, and 
problem advisor) 

• Performance management 

• Accounting mediation 

• Provisioning 

• Creation and monitoring of 
service level agreements 

Our integrated management systems 
make it easy for service providers and 
enterprises to bulk provision switches. 


Secure directory-enabled
networking

The Contivity VPN Switch accepts
incoming traffic through authenticated,
tunneled connections. All connections
are encrypted for privacy, and all
transactions are logged.

Each user, group, or branch office
connection—internal or external—
can have a unique filtering profile
with different access rights.

The Contivity family of products
offers internal and external LDAP
capabilities. The internal LDAP capability
offers customers built-in space
for storing profiles. Additional capacity
can be purchased in the form of the
external Netscape** LDAP option,
which allows the Contivity switch to
store tens of thousands of LDAP user
and group profiles.


Technical specifications—branch office/home office models


Contivity 100

Up to 5 tunnels

Components

• 16 MB RAM

• 8 MB Flash memory

• Interfaces:
  Standard
  - 1 10/100 Ethernet LAN ports
  - 7-port 10/100 Ethernet auto-sensing switch
  - Serial port—out of band management or PPP
  Optional
  - Additional 10/100 Ethernet
  - ISDN (S/T and U interfaces)
  - Single analog modem (North American and International versions)
  - Dual analog modem (North American and International versions)

• Contivity 100 software

• CD and on-line HTML documentation

Physical

• Length: 14.5 in. (37 cm)
• Width: 12 in. (30 cm)
• Height: 2.64 in. (6.7 cm)
• Weight: 8 lb (3.6 kg)
• Electrical: internal 85W, 100-240 VAC

Operating environment

• Temperature: 50-90°F (1°-35°C)
• Relative humidity: 10-90% noncondensing
• BTU: 290 BTU/hour @ 240 VAC


Contivity 400

Up to 30 tunnels

Components

• 64 MB RAM

• 8 MB Flash memory

• Interfaces:
  Standard
  - 2 10/100 Ethernet LAN ports
  - 7-port 10/100 Ethernet auto-sensing switch
  - Serial port—out of band management or PPP
  Optional
  - T1 CSU/DSU with ISDN (U interface)
  - V.35/X.21 with ISDN (S/T and U interfaces)
  - ISDN (S/T and U interfaces)
  - Dual analog modem (North American and International versions)

• Contivity 400 software

• CD and on-line HTML documentation

Physical

• Length: 17 in. (43.2 cm)
• Width: 15.5 in. (39.4 cm)
• Height: 3.5 in. (8.9 cm)
• Weight: 13.2 lb (6.0 kg)
• Electrical: internal 85W, 100-240 VAC

Operating environment

• Temperature: 32-104°F (0°-40°C)
• Relative humidity: 8-80% noncondensing
• BTU: 290 BTU/hour @ 240 VAC


Contivity 600

Up to 30 tunnels

Components

• Memory: 128MB

• One PCI expansion slot

• Interfaces:
  Standard
  - 2 10/100 Ethernet LAN ports
  Optional
  - Additional 10/100 Ethernet
  - V.35/X.21
  - T1 with integrated CSU/DSU

• Software:
  Standard
  - VPN O/S software for Contivity 600
  - Contivity VPN Client software for MS-Windows with unlimited distribution license
  Optional
  - Contivity Stateful Firewall license
  - Contivity Advanced Routing license
  - Contivity Multi-OS client software for MAC and UNIX platforms

• CD and on-line HTML documentation

Physical

• Length: 11 in. (27.9 cm)
• Width: 8.5 in. (21.6 cm)
• Height: 4.0 in. (10.2 cm)
• Weight: 6 lb (2.9 kg)
• Electrical: 90-240 VAC, 50-60 Hz

Operating environment

• Temperature: 32-131°F (0°-55°C)
• Relative humidity: 5-85% noncondensing
• BTU: 205 BTU/hour @ 240 VAC

Integrated firewall protection 

Contivity VPN Switches at the 
network center, branch office, or 
remote location can be integrated 
with a high-performance Contivity 
Stateful Firewall. 


All connections can be authenticated, 
encrypted, and further protected by 
unique filtering profiles for each user 
or group—plus complete life-cycle 
managed digital certificate authentication 
using Entrust, VeriSign, or other third- 
party certificate authorities. 

Customized service offerings 

Enterprises can choose to own and 
manage their own IP VPNs, outsource 
to a service provider while retaining 
control over user authentication or 
a part of the network, or outsource 
all aspects of the service. When the 
IP VPN is provided as a managed 
carrier service, different management 
demarcation points can be defined 
for different enterprises. 


Models scaled and featured for small offices, mid-sized organizations,
and large corporations... from 1 to 5,000 simultaneous tunnels


A complete product family—models for every application

Contivity 4600
• Application: Large corporate
• Expansion: Five open PCI slots
• Tunnels: 5000
• Firewall: Stateful firewall

Contivity 2600
• Application: Medium corporate
• Expansion: Three open PCI slots
• Tunnels: 1000
• Firewall: Stateful firewall

Contivity 1600
• Application: Small corporate
• Expansion: One open PCI slot
• Tunnels: 200
• Firewall: Stateful firewall

Contivity 600
• Application: Small corporate/branch office
• Expansion: One open PCI slot
• Tunnels: 30
• Firewall: Stateful firewall

Contivity 400
• Application: Branch/small office
• Expansion: Fixed configuration
• Tunnels: 30 branch tunnels only
• Firewall: Stateful firewall (requires NAT)

Contivity 100
• Application: Branch/small office
• Expansion: Fixed configuration
• Tunnels: 5 branch tunnels only
• Firewall: Stateful firewall (requires NAT)


High performance 

A powerful Intel** architecture, 
redundancy for key components, 
multilevel authentication, hardware- 
based encryption card, and automatic 
backup of system and accounting data 
create a high-performance, highly reliable 
IP VPN switch. The hardware-based 
encryption card also accelerates data 
throughput in the Contivity switch. 
Using the hardware accelerator, data 
throughput is effectively doubled. 

As processor technology continually 
advances, the Contivity family of 
products continues to bring down the 
cost per user. 

Dynamic routing 

Contivity VPN Switches in the branch 
office and network center use the RIP v1
and v2 and OSPF routing protocols to 
dynamically create secure tunnels and to 
simplify provisioning of branch offices. 

Broad client support 

The Contivity VPN Client is included
free, with an unlimited distribution
license, and supports all Windows
operating systems (OSs). This client can
be tailored to include custom icons and
banners, and is password-protected for
added security. Contivity clients are
also available for other OSs, including
Macintosh, Linux, Solaris, HP-UX,
and IBM-AIX.

Furthermore, the Contivity portfolio
offers broad support for IPsec-standard
clients, including Microsoft clients and
the Certicom-developed wireless client,
which allows handheld-based devices
to securely and quickly communicate
through a Contivity VPN switch.

Standards-based technology

Contivity VPN Switches are equipped
for evolving VPN and extranet standards,
and provide a wide range of choices
for tunneling, authentication,
encryption, and accounting.

Branch-to-branch
optimized design

New routing features (such as OSPF/
VRRP) enhance fail-over/redundancy
capabilities of site-to-site VPN
applications—resulting in more
reliable E-business operations. In
addition, DiffServ allows enterprises
to effectively implement advanced
bandwidth management and QoS—
giving enterprises better, more
predictable data throughput.


Options

Contivity Stateful Firewall

• Available for purchase as license key

• Available on the Contivity 600, 1600, 2600, and 4600

Advanced Routing

• Available for purchase as a license key

• Allows users to access powerful
Contivity features such as OSPF, VRRP,
Advanced Bandwidth Management,
IETF DiffServ and other QoS features

• Available on the Contivity 600, 1600, 2600, and 4600

Netscape LDAP

• Allows users to store several tens of
thousands of user and/or group profiles

• Available on the Contivity 600, 1600, 2600, and 4600

Hardware Accelerator

• Encryption card enables doubling
of throughput

• Available on the Contivity 2600
and 4600

In summary, if you’re looking to build
the most secure IP VPN services—
either for your own enterprise or to
offer as a managed service—count
on Contivity VPN Switches.


For more information, contact your Nortel Networks representative, or
call 1-800-4 NORTEL or 1-800-466-7835 from anywhere in North America.

In the United States:

Nortel Networks
35 Davis Drive
Research Triangle Park,
North Carolina 27709
USA

In Canada:

Nortel Networks
8200 Dixie Road
Suite 100
Brampton, Ontario L6T 5P6
Canada

www.nortelnetworks.com

*Nortel Networks, the Nortel Networks logo, the globemark design, and Contivity are trademarks of Nortel Networks. 

**Axent is a trademark of Axent Technologies, Inc. Intel and Intel Xeon are trademarks of Intel Corporation. 

Entrust is a trademark of Entrust Technologies, Inc. Java is a trademark of Sun Microsystems, Inc. Linux is a trademark 
of Linus Torvalds. Netscape is a trademark of Netscape Communications Corporation. VeriSign is a trademark of VeriSign, Inc. 
Windows and Windows NT are trademarks of Microsoft Corporation. 